Blog

Recently, Verizon released their Data Breach report for 2017, and this year they decided to focus on industry-specific data. As a lot of our customers are in the hospitality sector, we decided to take a look at this aspect of the report first, as it brought up some very interesting statistics.

As you know, no industry is immune to the threat of a data breach, and we have seen a lot of hospitality breaches over recent years. Some that spring to mind include the breaches at Hilton, Hard Rock Cafe, Wendy’s, Mandarin Oriental Hotel Group and, of course, Trump Hotels.

The report put together by Verizon confirmed that the majority of data breaches in the hospitality industry were PoS attacks. They were financially motivated (99 per cent) and opportunistic, meaning hackers were capitalising on those with poor security methods in place. Most involved hacking threat actions and malware. So, considering Point of Sale intrusions dominate this industry, it is no surprise to see that 96 per cent of breaches were external and 4 per cent were internal. Less than one per cent of the breaches occurred for personal reasons. Only two per cent of the data compromised was personal, and only per cent were credentials. 96 per cent of the data stolen, however, was payment information.

So, what is an opportunistic attack?

Needless to say, any business that does not have effective data security in place is going to be viewed as an easy target. Nevertheless, we have found that most food service victims are smaller companies that do not have CISOs, IT departments, etc., yet they do accept payment via card, making them an easier victim for a cyber criminal.

The threat of malware-related breaches

Evidently, malware is a real problem in this industry, and so it is important to know the most common types of malware that are being used. 60 per cent of malware breaches reported featured keyloggers/spyware and C2. These were installed once the hacker had gained initial access. Moreover, 96 per cent of the malware-related breaches involved RAM scrapers.

Protecting your business

We don’t want you to become one of the statistics on the next Verizon report, so there are some important things to bear in mind:

Don’t be dated – Consistently and promptly patch and make sure that all servers and terminals are using the most recent software version.

Do you currently offer free WiFi at your restaurant? If not, you are missing out. A recent study conducted by Purple has revealed that almost two-thirds of diners would be more likely to re-visit a restaurant or bar if they could access WiFi. The survey, which involved 1,000 people, has shown that offering Internet access is a great way to boost loyalty.

The study also revealed that four in ten people always log in to the WiFi network when they are out for a meal or a drink. This is despite the trend for ‘no phone zones’ in venues, and quirky signs outside food establishments with the likes of: “Sorry, no WiFi, talk to each other.” The reality is that, while such signs and zones may have received a bit of attention on social media, they are few and far between.

This survey is not the first of its kind. Recently, OpenTable conducted their own research, and they found that two in five people would not go to a food establishment that did not have WiFi.

This represents an excellent opportunity for restaurant and bar owners, who should use free WiFi as a great way to entice potential customers and boost business. By offering free restaurant WiFi, you are bound to appeal to more people, and you can boost your customer base and profits as a result.

Retail Secure’s guest WiFi service comes with free customer analytics. Whenever someone connects to your WiFi network, you will receive instant data, which can help you to send targeted promotions and special deals. This is something that is proven to have an extremely positive effect. In fact, over a third of customers that were surveyed during Purple’s research stated that they would be a more loyal customer if they were able to access special offers via WiFi.

The study also revealed that just under a quarter of people use the Internet while in a restaurant or a bar to read reviews. Moreover, 30 per cent of people use the Internet while they are in restaurants and bars so they can see if there are any promotions on food and drink.

However, it is important to ensure that you are sending relevant, targeted marketing messages. Simply sending any old message won’t cut it. If you misuse online marketing, it could have a detrimental effect overall. Two-thirds of those surveyed stated that they would be less likely to visit a restaurant or bar after receiving irrelevant messages from the brand.

This won’t happen when you use our guest WiFi service, as all marketing messages are based on the customer data you have received. This enables you to ensure you are sending promotions, messages and special offers that are going to interest and appeal to the recipient. To find out more, click here.

It seems that every year that goes by, the number of data breaches multiplies by a significant degree. This is certainly the case for 2016, as more than 3.1 billion records went missing. Below, we are going to take a look at some of the biggest data breaches of 2016.

January

The year got off to a bad start, with a number of high-profile data breaches occurring, leading to way over 57 million records stolen. The spotlight was on the UK’s second largest supermarket, Asda, as it was reported that their online store had been exposing payment details for almost two years. Etihad Airways had only just learnt of a potential data breach that occurred in 2013, and Wendy’s fast food chain was also investigating a possible credit card breach. And, this is only the beginning… $6 million worth of Bitcoin was stolen from Cryptsy, €50 million was stolen from aerospace parts manufacturer FACC, and US health insurer Centene lost 950,000 people’s records.

February

Things couldn’t get much worse, and in February it quietened down – well, if you can call it ‘quiet’ – there were still numerous high-profile breaches. A ransomware attack left Lincolnshire Council using pen and paper, after it shut down their systems. Linux Mint was hacked after a lone attacker created a botnet, the details of 304,189 Chilean citizens looking for state benefits were stolen by a group of hacktivists called Chilean Hackers, and a hacker leaked over 9,000 people’s details from the Department of Homeland Security in the U.S.

March

March was another bad month, with over 20 million records stolen in high-profile cases. Cyber criminals stole $25 million from Russian banks via a phishing attack while Rosen Hotel chain discovered that credit card stealing malware had been attacking their systems for 17 months. Outdoor equipment retailer Bailey’s Inc. also suffered a breach, with 250,000 people potentially having their card details stolen. Plus, all those employed at Tidewater Community College in 2015 discovered they might have been impacted by a spear phishing scam.

April

April was the worst month yet, with over 166 million records stolen. This was the month that the Trump Hotel chain suffered yet another data breach, BeautifulPeople.com leaked the data of 1.1 million ‘elite’ daters, which ended up being for sale, and 93.4 million Mexicans were at risk after a voter database breach. Seven million members were impacted by the Minecraft community lifeboat breach, CoinWallet Bitcoin trader was forced to shut down following an incident, and an ex-employee caused ShapeShift to lose $230,000 in another Bitcoin data breach.

May

Surprise, surprise, the news does not get any better for May. This was the month when Tumblr and MySpace were hit by a huge breach, with hundreds of millions of hacked account details for sale online. In fact, it was a bad month for social networking in general, as 117 million hacked LinkedIn email addresses and passwords were also put up for sale. Japanese ATMs suffered a hit, with 1.4 billion Yen stolen from 1,400 ATMs. A data spill from a test server put Kiddicare customers at risk, and EPISD employee accounts were hacked, with money stolen.

June

More than half a million intimate messages were exposed from dating website, Muslim Match, in June 2016. If that wasn’t enough, 51 million iMesh passwords were dumped online, 45 million records from over 110 Verticalscope.com communities and domains were leaked, and 77,000 accounts of State Farm were leaked as a consequence of a DAC Group Hack.

July

In July, patients of Athens Orthopaedic Clinic were notified of a breach. They weren’t the only ones: more than 10 million customers were impacted by a data breach at a leading online shop in South Korea. The online voter registration portal in Illinois was hacked, with information compromised, and an email scam impacted King’s University College, impacting 451 students.

August

August was another bad month for fans of Minecraft, as data for six million gamers was stolen from Leet.cc servers. It was also a bad time for the healthcare industry, as data belonging to patients of Dominican Hospital was transmitted to an incorrect health plan and SCAN Health Plan notified members that there had been unauthorised access to their information. China’s National Defense University (NDU) revealed that their computer system had been hacked, and Epic’s forum was hacked again, with more than 800,000 usernames and email addresses stolen.

September

You guessed it; September brought another wave of data breaches. The login details for 800,000 Brazzers users were leaked while 98 million accounts were leaked from Rambler.ru, a Russian Internet giant. Florida Bar Association was hacked, with members’ data compromised. ClixSense suffered a massive attack, with the passwords, usernames, email addresses and an abundance of other personal data stolen from 2.2 million people.

October

As the election in the U.S. heated up, there were numerous reports of election-related data breaches. It was revealed that hackers had been stealing credit card data from the Republican website for six months. Plus, pro-Donald Trump Great America PAC erroneously published the credit card numbers and expiration dates belonging to 49 donors. The personal data of medical marijuana patients was found in a public bin; proof that traditional identity fraud is still rife. At least 58 million people had their personal data leaked on the Internet due to a breach at Modern Business Systems, an online data storage firm, and major sites, such as Spotify, AirBNB, and Twitter, ended up offline after Dyn was hit by a DDoS attack.

November

November was a horrific month, with over 450 million records stolen. Thieves used skimmers on ATMs at four hospitals in New York City to extract credit card data. Seguin dermatology practice was hit by a ransomware attack, and more than 412 million adult accounts from FriendFinder Networks were exposed, including members of adultfriendfinder.com, cams.com, penthouse.com, stripshow.com, and icams.com. Canada’s National Defence Department also started investigating a hack of their recruiting site.

December

December wasn’t the season to be jolly for a lot of major companies around the world, including Yahoo. The tech giant suffered a huge data breach, with its billion account database for sale on the black market. Credit card data was stolen from Japanese hosting company Kagoya, and loyalty members of KFC’s Colonel Club were warned of a data breach after the company’s website was hacked. Dailymotion also suffered a hit, with 85 million login details stolen.

A new study has claimed that hackers can guess Visa card payment details in a matter of seconds. It is being reported that cyber criminals can utilise computers to make a number of attempts to obtain confidential payment data without the discovery of their illicit efforts. Of course, if you have a Visa credit card or debit card, as a huge number of people do, this is likely to cause huge concern. Below, we take a look at the recent study in further detail.

If you have watched the news lately, you will, no doubt, be aware of the fact that the banking and financial services industry has come under a lot of scrutiny lately. The most recent company to come under fire was Tesco Bank after a hacking scam cost £2.5 million and impacted 9,000 customers. Experts believe that the method that was used in this recent hack is the same method that can be used to guess Visa payment details. Experts from Newcastle University have said that with just an Internet connection and a laptop it is ‘frighteningly easy’ to guess Visa card details.

The approach that is used by the hackers is known as a ‘Distributed Guessing Attack’. It bypasses Internet security features, which means that hackers can make a large number of unsuccessful attempts to get the data of a Visa credit card, and they would not be flagged up. So, how do they acquire the details of a card? Well, this flaw means that hackers can systematically fire up a number of variations of payment data at thousands of websites. They can do this simultaneously, which means that cyber criminals can have all of the information needed within a matter of seconds, and thus they simply need to use the process of elimination to verify the correct details of a card. Of course, this can easily be done via a computer.

Mohammed Ali, a PhD student at Newcastle University, said that it’s easy for hackers to piece together card information like a jigsaw. Not only because of the flaw that allows cyber criminals unlimited guesses, but also because different websites ask for different variations of the data field on a card to validate a purchase made over the Internet.

Visa has responded to the research, stating that the multiple fraud prevention layers they have in place have not been taken into account. They state that to make a transaction possible in the real world, multiple fraud prevention requirements need to be met. They also state that the most important thing for consumers to remember is that you are protected from liability if your card number is used fraudulently.
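The blind spot described above, seen from the defender's side, as an added example that is not taken from the original post or from the Newcastle study: a failure counter kept by each website never trips when guesses are spread thinly across many sites, while a per-card counter kept by a party that sees every authorisation attempt does. The event fields, thresholds, merchant names and card tokens are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class AuthAttempt:
    ts: float         # seconds since start of capture
    merchant: str     # hypothetical merchant identifier
    card_token: str   # tokenised card reference, never the raw card number
    approved: bool


def per_merchant_alerts(events, limit):
    """What each website sees on its own: declines counted per (merchant, card).

    Returns the (merchant, card_token) pairs that exceeded `limit` declines.
    """
    counts = defaultdict(int)
    flagged = set()
    for e in events:
        if e.approved:
            continue
        key = (e.merchant, e.card_token)
        counts[key] += 1
        if counts[key] > limit:
            flagged.add(key)
    return flagged


def cross_merchant_alerts(events, window_s, max_failures, min_merchants):
    """Centralised view: declines per card in a sliding window across all merchants.

    A card is flagged the first time it has at least `max_failures` declines
    from at least `min_merchants` distinct merchants within `window_s` seconds.
    Returns {card_token: timestamp_of_first_alert}.
    """
    recent = defaultdict(deque)   # card_token -> deque of (ts, merchant)
    flagged = {}
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.approved:
            continue
        q = recent[e.card_token]
        q.append((e.ts, e.merchant))
        # Drop declines that have aged out of the window.
        while q and e.ts - q[0][0] > window_s:
            q.popleft()
        merchants = {m for _, m in q}
        if len(q) >= max_failures and len(merchants) >= min_merchants:
            flagged.setdefault(e.card_token, e.ts)
    return flagged


def build_sample():
    """Constructed events: tok_A is guessed against 20 shops, tok_B is a typo."""
    events = [
        AuthAttempt(ts=i * 0.5, merchant=f"shop-{i % 20:02d}",
                    card_token="tok_A", approved=False)
        for i in range(40)        # 40 declines, only 2 per shop, within 20 s
    ]
    events += [                   # a genuine customer mistyping, then succeeding
        AuthAttempt(5.0, "shop-03", "tok_B", False),
        AuthAttempt(30.0, "shop-03", "tok_B", False),
        AuthAttempt(55.0, "shop-03", "tok_B", True),
    ]
    return events


SAMPLE = build_sample()

if __name__ == "__main__":
    print("per-merchant view :", per_merchant_alerts(SAMPLE, limit=3))
    print("cross-merchant view:",
          cross_merchant_alerts(SAMPLE, window_s=60, max_failures=10,
                                min_merchants=5))
```

No single shop sees more than two declines for either card, so the per-merchant view stays empty; the cross-merchant view flags only tok_A and leaves the customer who mistyped alone.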

The Payment Card Industry Security Standards Council (PCI SSC) has warned that new EU legislation, which will come into effect in 2018, means that UK businesses could face a monumental £122 billion in data breach fines. Firms are being urged to act now to tighten up cyber security to avoid falling victim to the exponential fines.

So, what is this new regulation? Well, at present the maximum fine for a data breach is £500,000. However, under the European Union’s General Data Protection Regulation (GDPR), there will be the introduction of data breach fines for groups of companies equalling either four per cent of yearly worldwide turnover or 20 million euros, whichever is more. This means that firms could face 40 times the amount in fines compared to what they face at present, if not more.

This means that regulatory fines for small companies could multiply by 57, meaning the average cost to an SME would be £13,000. For large businesses, this rises to a monumental £11 million per organisation. And, remember; this is only a fraction of the expense that you will face. You then have the cost of identifying and rectifying the security vulnerability, setting up customer assistance, compensation costs, revenue loss, business disruption, and the expense of re-building your reputation, which is notoriously difficult after a security breach.

With that in mind, the PCI SSC is urging businesses and organisations to act now before it is too late. They are encouraging firms to develop and enhance their data security standards. The international director of PCI SSC, Jeremy King, has stated that the new legislation is a game changer for all companies, big and small.

You only need to look at the statistics to see that the vast majority of firms do not have adequate security measures in place, and, therefore, need to make urgent changes. In fact, the 2015 Information Security Breaches Survey, conducted by PWC for the government, revealed that 74 per cent of SMEs and 90 per cent of big corporations reported a data breach last year, which resulted in £1.4 billion in regulatory fines. Contrast this sum with the £122 billion anticipated for 2018, and it is not difficult to see how this could spell the end for any business that falls victim.

Recent data breaches have only highlighted this problem further. Take the TalkTalk breach as a prime example. The breach, which exposed the personal details of more than 150,000 customers, occurred because the telecoms provider had not applied even the most basic cyber security measures, according to Elizabeth Denham – the information commissioner at the ICO. They were hit with a record £400,000 fine from the Information Commissioner’s Office alone, and their profits are reported to have halved after the cyber attack, which cost the company £42 million in total.

To ensure your business has effective data protection measures in place, and is thus safeguarded from the new EU data breach fines, contact Retail Secure. Our solution dramatically minimises the chance of a data breach while helping firms to achieve PCI compliance, and it does this without costing you a fortune in the process. You can email us at enquiries@retailsecure.co.uk, or give us a call on 0333 320 8848.

Have you been debating whether to invest in guest WiFi at your store? A recent study by YouGov has shown that this is something that should not even be up for debate. The ‘Innovations in Retailing 2015’ report has revealed that customers want to have free WiFi in stores as a standard. Read on to discover more about the findings of the study and details on how customer WiFi will benefit your store.

Innovations in Retailing 2015 report findings

The report concluded that 35 per cent of customers would like free WiFi to be offered as a standard when visiting a retail store. They would rather see this than barcodes that can be scanned to give customers information on products, which only 19 per cent of respondents expressed a desire for. It is also more popular than staff equipped with tablets so they can assist customers with purchases in-store (21 per cent). Just to highlight how dominant customer WiFi has become, it is only five per cent behind self-service checkouts in the most wanted innovations in the retail sector.

Perhaps the most compelling finding of them all is that customers labelled free in-store WiFi as the technology that would be most likely to encourage them to choose one retailer over another. Therefore, by offering free WiFi to your customers, you can gain a clear advantage over your competition.

In addition to this, respondents to the survey seemed keen on using connected devices while shopping to enhance the experience. 23 per cent of those surveyed said that they have used a device to compare prices while shopping. This figure is greatest for 25-29 year olds (33 per cent), while 30 per cent of 16 to 24 year olds said they have done this.

Enhancing your retail store

The demand for free WiFi is evident, and there are many benefits your store can reap the rewards of by going for this approach. Of course, you will attract more people to your business, but the benefits extend beyond this. Do you know that you can also collect data about all of your customers in order to offer a better shopping experience and improve your targeted marketing campaign?

Whenever a customer connects to your WiFi network, you will instantly receive data about them. You can use this information to send targeted notifications to your consumers. This could be anything from special offers, to voucher codes, to information about new stock. You can use this to encourage your customers to spend more now or to lock in business in the future. To discover more about this, as well as the other features our retail guest WiFi service provides, simply click here.

It’s been a productive week here at Retail Secure, as we exhibited at the Takeaway & Restaurant Innovation Expo in London. The two-day event, which took place on Tuesday and Wednesday, went really well and we had the chance to make lots of great contacts.

The Exhibition

We were in good company too, as a huge number of impressive companies and organisations took part in the event, including The Nationwide Caterers Association (NCASS), Oneworld Packaging, QuickBite Magazine, Basilur Tea UK Ltd, and many more. In fact, our stand was right next to Just Eat, which we must admit we’ve ordered a takeaway or two via before!

The exhibition is the only one in the UK for takeaway and restaurant businesses, and there was a lot going on over the two days. Not only were there 300 exhibiting suppliers, but there were also free master classes and seminars, as well as interactive features and expert advice areas.

The event was an excellent opportunity for us to reach more businesses in this industry. We have already provided both of our flagship products, RetailCompli and Legally Compliant Guest WiFi, for a number of companies in the sector, and aim to build our client base over the coming year.

Our products and the Food Sector

Guest WiFi is a must for takeaways and restaurants nowadays, as this is something customers look for when they are choosing somewhere to eat. We were able to show businesses how they can use this platform to leverage numerous marketing opportunities.

Cyber security is also something that needs greater attention in this sector, and we enjoyed introducing our RetailCompli solution to many in attendance. Data breaches are growing by the day, and the food industry is not immune from the threat. All takeaways and restaurants that take payment via card need to comply with PCI DSS, which is something not all businesses do. Our solution helps to achieve this.

More and more businesses are offering free WiFi to their customers. This is a great way to enhance the service you provide to your customers, no matter whether you run a café, a hair salon, or a clothing store. However, the benefits extend a lot further than this, which is something not everyone realises. With that being said, read on to discover more about the unexpected benefits of guest WiFi.

Get to know your customers better – Many business owners do not realise that free WiFi is a great way to get to know your customers. Whenever someone connects to your WiFi network, data will instantly be sent to your central interface. This is extremely useful. After all, the only way to ensure your marketing plan is successful is to get a better understanding of your client base.

Make money there and then – Customer WiFi encourages people to spend more. There are numerous ways this is achieved. Firstly, when it comes to the likes of cafes and restaurants, customers are likely to stay at your business longer while using the WiFi, and this will result in them buying more drinks and food, and thus spending more. You can also send targeted marketing messages to those in your store, encouraging them to buy something. For example, you could provide a voucher code or reveal details of a special discount code you have running.

Ensure repeat business – Another benefit of guest WiFi is the ability to secure repeat business. You can send discounts for future visits, or you can offer customers a special discount if they refer a friend or family member to your business.

Differentiate your company – Offering guest WiFi is a great way to make your business stand out from the competition. Nowadays, more and more people look for free WiFi access when they are determining where to grab a bite to eat or where to go shopping.

Take advantage of new advertising channels – Guest WiFi opens you up to a wealth of different opportunities. Friendly WiFi is a prime example. If you become a Friendly WiFi provider, you will feature on a search base for parents and young adults that are seeking family-friendly WiFi. Not only does this show your business in a good light, but it gives you another marketing medium as well.

Customised landing pages – Finally, another benefit associated with guest WiFi is the ability to have a customised login page. This is the page that all of your customers will see whenever they go to sign into your WiFi network. You can incorporate your logo on this page and any other marketing messages you believe will have an impact.

When you take the six points that have been mentioned above into consideration, it is not tough to understand why so many businesses are turning to guest WiFi to boost their popularity and profits.

Over the past few years, the attacks on point of sale (PoS) systems at hotels across the world have highlighted the need for hospitality businesses to act in order to protect the future of their company. A lot of experts have expressed that they believe security standards and central support need to be implemented for franchisees in the hotel sector. However, if you are reading this, you should not wait for someone to show you the way regarding cyber security, no matter what industry you operate in. There is no time to wait.

One of the most recent attacks involved the HEI Hotels and Resorts Group, with twenty hotels being hit by malware that targeted their PoS systems. The group is not the first one to report PoS malware card data breaches, and the way that things are going they won’t be the last. HEI Hotels and Resorts Group includes popular hotels such as Sheraton, Le Meridien, and the Marriott. Of course, the financial damage of such a breach is extortionate, but the fall-out is often a lot worse than most business owners consider.

Firstly, you will have to ensure you take all of the steps to stop the problem from getting worse, which can mean being out of business for a while. You also need to alert your customers, and you need to get to the bottom of the security vulnerability so that you can rectify it. This can be a lot more difficult than anticipated, and a lot of security breaches go unnoticed for months on end. You will then face fraud losses, and you will need to pay out compensation to those that have been affected. And, what about non-compliance fines? All businesses that take card payments need to comply with the PCI DSS security standards. As you have failed to do this, you can expect extortionate fines passed on from your bank. Moreover, your interest rates are likely to go up as a result – that is if the bank will continue to do business with you.

All of this is without even considering the damage that a data breach can do to your reputation. When businesses book a stay at a hotel, they expect a relaxing time where they can let their troubles drift away. They don’t expect to be the victim of credit fraud, or at least to worry that they could be. You have a responsibility to protect your customers’ card data, and when you fail, trust is broken. This is something that is notoriously difficult to rectify, especially in an industry where there are so many businesses you are competing against, and so many other hotels that customers could go for instead.

Don’t be the next hotel to suffer a data breach. Make sure your business is protected. If you don’t know where to start, don’t fret, as Retail Secure can assist. All you need to do is give us a call to get started. You can be sure that our solution is one of the best in the industry, and it is affordable too.

Recent news has come to light that there could have been a significant data breach at Yahoo. A hacker has claimed that they have 200 million Yahoo accounts for sale, after listing them on the dark web market. These accounts are being sold for three Bitcoins, which relates to roughly £1,350 per entry. The data reveals the username, password, and birth date of the account holder. A test of a sample set has been conducted and it proves that the usernames do correspond to real accounts. Yahoo has yet to confirm or deny that a breach has taken place.

The cyber criminal, who has the moniker ‘Peace’, has also stolen email addresses and passwords from LinkedIn and MySpace in the past. Users need to purchase a key in order to unscramble the passwords. Yahoo has revealed that they are working to get to the bottom of the issue. The company, which was only sold to Verizon last week, is attempting to firstly determine if the details are in fact correct, and then if they were obtained during a hack.

Information surfacing indicates that the data was stolen back in 2012. It may seem alarming to many that a potential data breach could go unnoticed for roughly four years. However, it is not uncommon for data breaches to be undetected for a long time. A lot of businesses right now will have been the victim of a cyber attack and they won’t even realise it.

The attack is also similar to a lot of breaches that we have heard about lately. Only a few months ago, the credentials of 360 million MySpace accounts were put up for sale on the dark web. We have also experienced the sale of 65 million Tumblr emails and 117 million LinkedIn account details. So, what do you do if your email account has been hacked?

Firstly, you should change your password. This is something all Yahoo email users are advised to do as soon as possible. In fact, changing your password every three months is advised in any case. Choose a strong password that incorporates capital letters, lower case letters, symbols, and numbers, and make sure you don’t include any full words. If it is too late, and the hacker has already changed your account, you need to follow the ‘forgot your password’ link, and if that is unsuccessful, get in touch with the email account provider.

When possible, implement two-factor authentication, which involves adding another security layer aside from entering a password. For example, you may receive a new code via your phone whenever you want to log in to your email account. This reduces the chance of someone gaining access. Yahoo, Hotmail, Microsoft, and Gmail offer two-factor authentication.

Last but not least, check your email settings. If your account has been breached, the hacker may have changed the settings so that every email you send or receive is forwarded to them. This allows them to look for your login details for other websites, which can lead to more serious issues.